ENGDOCS-2329

Author: aevesdocker

_vale/Docker/Acronyms.yml

@@ -52,9 +52,12 @@ exceptions:
   - HTTP
   - HTTPS
   - IAM
+  - ID
   - IDE
   - IP
+  - IT
   - JAR
+  - JIT
   - JSON
   - JSX
   - LESS
@@ -78,6 +81,7 @@ exceptions:
   - PHP
   - POSIX
   - POST
+  - QA
   - QEMU
   - RAM
   - REPL

_vale/config/vocabularies/Docker/accept.txt

@@ -156,6 +156,7 @@ subnet
 systemd
 tmpfs
 ufw
+unmanaged
 umask
 ungated
 untrusted

content/guides/admin-user-management/_index.md

@@ -1,7 +1,7 @@
 ---
-title: Use and access management Set up your company for success with Docker
-summary: Designed to help IT administrators efficiently set up, manage, and monitor user access within Docker.
-description: Learn how to onboard your users and take advantage of all of the Docker products and features.
+title: Mastering Docker user and access management
+summary: Simplify user access while ensuring security and efficiency in Docker.
+description: A guide for managing roles, provisioning users, and optimizing Docker access with tools like SSO and activity logs.
 tags: [admin]
 params:
   featured: true
@@ -12,37 +12,30 @@ params:
       url: /admin/
     - title: Single sign-on
       url: /security/for-admins/single-sign-on/
-    - title: Enforce sign-in
-      url: /security/for-admins/enforce-sign-in/
+    - title: Onboard your organization
+      url: /admin/organization/onboard/
     - title: Roles and permissions
       url: /security/for-admins/roles-and-permissions/
-    - title: Settings Management
-      url: /security/for-admins/hardened-desktop/settings-management/
-    - title: Registry Access Management
-      url: /security/for-admins/hardened-desktop/registry-access-management/
-    - title: Image Access Management
-      url: /security/for-admins/hardened-desktop/image-access-management/
-    - title: Docker Build Cloud subscription information
-      url: /subscription/build-cloud/build-details/
-    - title: Docker Scout subscription information
-      url: /subscription/scout-details/
+    - title: Insights
+      url: /admin/organization/insights/
+    - title: Activity logs
+      url: /admin/organization/activity-logs/
 ---
 
-This guide is designed to help organizations set up, manage, and monitor user access efficiently and securely. Learn how to assign roles, configure teams, implement Single Sign-On (SSO), and leverage tools like audit logs to keep your organization running smoothly.
+Managing roles and permissions is key to securing your Docker environment while enabling seamless collaboration and operational efficiency. This guide walks IT administrators through the essentials of user and access management, offering strategies for assigning roles, provisioning users, and leveraging tools like activity logs and insights to monitor and optimize Docker usage.
 
 ## Who's this for?
 
-- IT teams: Responsible for setting up and maintaining access controls.
+- IT teams: Tasked with configuring and maintaining secure user access.
 - Security professionals: Focused on enforcing secure access practices.
-- Project managers: Overseeing team collaboration and resource access.
+- Project managers: Overseeing team collaboration and resource management.
 
 ## What you'll learn
 
-- Roles and permissions: Assign the right access levels to ensure users have what they need without overprovisioning.
-- User onboarding: Add and manage users effectively to streamline their experience.
-- Team organization: Group users into teams for scalable access control.
-- Single sign-on: Enhance security and simplify authentication with Single Sign-On.
-- Monitoring and compliance: Track user activity and enforce policies with audit logs.
+- How to assess and manage Docker user access and align accounts with organizational needs.
+- When to use team configurations for scalable access control.
+- How to automate and streamline user provisioning with SSO, SCIM, and JIT.
+- How monitoring tools like audit logs can bolster compliance.
 
 ## Tools integration 
 

content/guides/admin-user-management/audit-and-monitor.md

@@ -1,14 +1,52 @@
 ---
-title: Audit and monitor your users
-description:
+title: Monitoring and insights
+description: Track user actions, team workflows, and organizational trends with Activity logs and Insights to enhance security and productivity in Docker.
+keywords: organizational insights, user management, access control, security, monitoring, admins
 weight: 30
 ---
 
+Activity logs and insights are essential for user and access management in Docker. They provide visibility into user actions, team workflows, and organizational trends, helping enhance security, ensure compliance, and boost productivity.
 
-Auditing and Monitoring User Activity
-Regular monitoring of user activity is essential for maintaining a secure Docker environment. Docker Business provides audit logs and activity tracking to help you identify potential issues.
+## Activity logs
 
-Using Audit Logs
-Access logs from the Admin Console to track changes in user roles, team assignments, and resource permissions.
-Filter logs by date, user, or action type to pinpoint specific events.
-Identify unusual patterns, such as frequent role changes or unauthorized resource access attempts.
+Activity logs track events at the organization and repository levels, offering a clear view of activities like repository changes, team updates, and billing adjustments.
+
+### Key features
+
+ - Change tracking: View what changed, who made the change, and when.
+
+ - Comprehensive reporting: Monitor critical events such as repository creation, deletion, privacy changes, and role assignments.
+
+ - Requirements: Available for Docker Team or Docker Business plans, with data retained for three months.
+
+### Example scenarios
+
+ - Audit trail for security: A repository’s privacy settings were updated unexpectedly. The activity logs reveal which user made the change and when, helping administrators address potential security risks.
+
+ - Team collaboration review: Logs show which team members pushed updates to a critical repository, ensuring accountability during a development sprint.
+
+ - Billing adjustments: Track who added or removed subscription seats to maintain budgetary control and compliance.
+
+For more information, see [Activity logs](/manuals/admin/organization/activity-logs.md)
+
+## Insights
+
+Insights provide data-driven views of Docker usage to improve team productivity and resource allocation.
+
+### Key benefits
+
+ - Standardized environments: Ensure consistent configurations and enforce best practices across teams.
+
+ - Improved visibility: Monitor metrics like Docker Desktop usage, builds, and container activity to understand team workflows and engagement.
+
+ - Optimized resources: Track license usage and feature adoption to maximize the value of your Docker subscription.
+
+### Example scenarios
+
+ - Usage trends: Identify underutilized licenses or resources, allowing reallocation to more active teams.
+
+ - Build efficiency: Track average build times and success rates to pinpoint bottlenecks in development processes.
+
+ - Container utilization: Analyze container activity across departments to ensure proper resource distribution and cost efficiency.
+
+ For more information, see [Insights](/manuals/admin/organization/insights.md)

content/guides/admin-user-management/onboard.md

@@ -1,99 +1,86 @@
 ---
-title: Onboard your users
-description:
-weight: 10
+title: Onboarding and managing roles and ermissions in Docker
+description: Learn how to manage roles, invite members, and implement scalable access control in Docker for secure and efficient collaboration.
+keywords: sso, scim, jit, invite members, docker hub, docker admin console, onboarding, security
+weight: 20
 ---
 
-Efficiently onboarding users and managing access is critical to maintaining security and productivity with Docker.
+Learn how to invite owners, add members, and implement advanced tools like SSO and SCIM for secure and efficient access control when onboarding your organization and developers.
 
-This page provides a top-level look at th tools and techniques to simplify user onboarding and ensure your organization remains secure and scalable.
+## Step 1: Invite owners
 
-Step 1: Identify your Docker users and their Docker accounts
-Identifying your users will ensure that you allocate your subscription seats efficiently and that all your Docker users receive the benefits of your subscription.
+When you create a Docker organization, you automatically become its sole owner. While optional, adding additional owners can significantly ease the process of onboarding and managing your organization by distributing administrative responsibilities.
 
-Identify the Docker users in your organization.
-If your organization uses device management software, like MDM or JAMF, you may use the device management software to help identify Docker users. See your device management software's documentation for details. You can identify Docker users by checking if Docker Desktop is installed at the following location on each user's machine:
-Mac: /Applications/Docker.app
-Windows: C:\Program Files\Docker\Docker
-Linux: /opt/docker-desktop
-If your organization doesn't use device management software or your users haven't installed Docker Desktop yet, you may survey your users.
-Instruct all your Docker users in your organization to update their existing Docker account's email address to an address that's in your organization's domain, or to create a new account using an email address in your organization's domain.
-To update an account's email address, instruct your users to sign in to Docker Hub, and update the email address to their email address in your organization's domain.
-To create a new account, instruct your users to go sign up using their email address in your organization's domain.
-Ask your Docker sales representative or contact sales to get a list of Docker accounts that use an email address in your organization's domain.
+### Why add owners?
 
+ - Shared responsibilities: Distribute administrative tasks, such as managing roles and permissions.
 
+ - Improved continuity: Ensure seamless operations in case the primary owner is unavailable.
 
-## Step one: Secure user authentication with Single Sign-On (SSO)
+For detailed information on owners, see [Roles and permissions](/manuals/security/for-admins/roles-and-permissions.md)
 
-Single Sign-On (SSO) is essential for centralized and secure user authentication. By integrating Docker with your identity provider, you can enforce compliance and streamline user access.
+## Step 2: Invite members
 
-### Benefits of SSO
+Members are granted controlled access to resources and enjoy enhanced organizational benefits.
 
-Centralized Authentication: Users log in with their organizational credentials.
-Improved Security: Eliminates password-related vulnerabilities.
-Simplified Onboarding: SSO works seamlessly with SCIM and group mapping for automated user provisioning.
+### Why invite members?
 
-### Steps to Configure SSO
+ - Enhanced visibility: Gain insights into user activity, making it easier to monitor access and enforce security policies.
 
-Enable SSO in the Admin Console under Organization Settings.
-Connect your identity provider using SAML or OIDC.
-Test the SSO setup with a small group of users before rolling it out organization-wide.
+ - Streamlined collaboration: Help members collaborate effectively by granting access to shared resources and repositories.
 
-[Detailed SSO setup documentation](/manuals/security/for-admins/)
+ - Improved resource management: Organize and track users within your organization, ensuring optimal allocation of resources.
 
-## Step two: Onboarding Users
-Adding users to your Docker Business organization involves a mix of manual invitations and automated provisioning methods. Choose the approach that best suits your organization’s needs.
+ - Access to enhanced features: Members benefit from organization-wide perks, such as increased pull limits and access to premium Docker features.
 
-### Manual User Onboarding
+ - Security control: Apply and enforce security settings at an organizational level, reducing risks associated with unmanaged accounts.
 
-Access the Admin Console: Use the Admin Console in Docker Hub to invite and manage users.
-→ Admin Console Overview
-Send Invitations: Select Invite Users and enter their email addresses. Assign a default role during the invitation process.
-→ How to Invite Users
-Monitor Invitations: Regularly check pending invitations to ensure all users complete the sign-up process.
+For detailed information, see [Manage organization members](/manuals/admin/organization/members.md)
 
-### Automated User Provisioning with SCIM
+## Step 3: Future-proof user management
 
-For larger organizations, System for Cross-domain Identity Management (SCIM) automates user provisioning and de-provisioning, reducing manual workload and minimizing errors.
+A robust, future-proof approach to user management combines automated provisioning, centralized authentication, and dynamic access control. Implementing these practices ensures a scalable, secure, and efficient environment.
 
-How SCIM Works: SCIM connects Docker to your identity provider (e.g., Okta, Azure AD) to automatically add, update, or remove users based on changes in your directory.
-Steps to Enable SCIM:
-Configure SCIM in your identity provider.
-Generate a SCIM token in the Docker Admin Console.
-Link the token to your identity provider.
+### Secure user authentication with single sign-on (SSO)
 
-## Step three: Streamlining User Access with Group Mapping
-Group mapping simplifies access management by linking identity provider groups to Docker roles and teams. This feature ensures users are automatically assigned the correct permissions based on their directory group membership.
+Integrating Docker with your identity provider streamlines user access and enhances security.
 
-### How Group Mapping Works
-Identity provider groups (e.g., “Developers” or “Admins”) are mapped to specific Docker roles and teams.
-When users are added to these groups in your directory, their Docker permissions are automatically updated.
-### Benefits of Group Mapping
-Reduces manual assignment errors.
-Ensures consistent access control policies.
-Simplifies scaling permissions as teams grow or change.
+SSO: 
 
-## Step four: Future proofing onboarding with Just-in-Time (JIT) Provisioning
-Just-in-time provisioning ensures that users are added to your Docker organization the first time they log in, based on their identity provider credentials. This feature eliminates the need for pre-inviting users while still enforcing role-based access control.
+ - Simplifies sign in, as users sign in with their organizational credentials.
 
-### How JIT Works
-Users authenticate via SSO.
-During their first login, they are automatically added to your Docker organization and assigned roles based on group mapping.
-### Benefits of JIT Provisioning
-Streamlines onboarding for large or distributed teams.
-Reduces admin overhead by removing the need for manual user invites.
-Works seamlessly with SCIM and SSO for a fully automated provisioning process.
+ - Reduces password-related vulnerabilities.
 
+ - Simplifies onboarding as it works seamlessly with SCIM and group mapping for automated provisioning.
 
-## Best Practices for User Management
-Combine SCIM and Group Mapping: Use SCIM for user synchronization and group mapping to automate role assignments.
-Leverage JIT Provisioning: Enable JIT for dynamic onboarding without manual invites.
-Monitor Activity: Regularly review audit logs to track access and changes.
-→ Using Audit Logs
-Regularly Review Permissions: Periodically check and adjust group mappings and roles to align with organizational changes.
+[SSO documentation](/manuals/security/for-admins/single-sign-on/_index.md)
 
+### Automate onboarding with SCIM and JIT provisioning
 
-## More resources
+Streamline user provisioning and role management with [SCIM](/manuals/security/for-admins/provisioning/scim.md) and [Just-in-Time (JIT) provisioning](/manuals/security/for-admins/provisioning/just-in-time.md).
 
-https://docs.docker.com/admin/organization/onboard/
+With SCIM you can:
+
+ - Sync users and roles automatically with your identity provider.
+
+ - Automate adding, updating, or removing users based on directory changes.
+
+With JIT provisioning you can:
+
+ - Automatically add users upon first sign in based on [group mapping](#simplify-access-with-group-mapping).
+
+ - Reduce overhead by eliminating pre-invite steps.
+
+### Simplify access with group mapping
+
+Group mapping automates permissions management by linking identity provider groups to Docker roles and teams.
+
+It also:
+
+ - Reduces manual errors in role assignments.
+
+ - Ensures consistent access control policies.
+
+ - Help you scale permissions as teams grow or change.
+
+For more information on how it works, see [Group mapping](/manuals/security/for-admins/provisioning/group-mapping.md)